The present invention relates generally to common cryptographic architecture and more specifically, to a dual-party session key derivation system.
A hardware security module (HSM) is a device with a secure boundary meeting U.S. Government and financial industry security standards for intrusion detection and maintenance of secure data. Common cryptographic architecture (CCA) is a programming interface to the HSM and is noted for achieving secure processing of financial transactions using secret keys and for management of the secret keys.
The HSM is sometimes used as a coprocessor element installed on a host computer. In this installment, the HSM is administered locally for provisioning of secret keys to the HSM itself or as part of an administration session between this host computer and other host computers that have their own HSMs installed. A user of the HSM is authorized using a sophisticated logon process. The user possesses a personal smart card which is read by a smart card reader device, and the credentials stored on the smart card are communicated to the HSM.